meta.clear();
if (B.getDomainMetadata(zone, "AXFR-MASTER-TSIG", meta) && !meta.empty()) {
- cout << "Zone uses following TSIG key(s): " << boost::join(meta, ",") << endl;
+ // Although AXFR-MASTER-TSIG may contain a list of keys, the current
+ // state of DNSSECKeeper::getTSIGForAccess() causes only the first one
+ // to be ever used, so only list the first item here.
+ cout << "Zone uses following TSIG key: " << meta.front() << endl;
}
std::map<std::string, std::vector<std::string> > metamap;
Json::array tsig_secondary_keys;
for (const auto& keyname : tsig_secondary) {
tsig_secondary_keys.emplace_back(apiNameToId(keyname));
+ // Although AXFR-MASTER-TSIG may contain a list of keys, the current
+ // state of DNSSECKeeper::getTSIGForAccess() causes only the first one
+ // to be ever used, so only return the first item here.
+ break;
}
doc["slave_tsig_key_ids"] = tsig_secondary_keys;
if (!document["slave_tsig_key_ids"].is_null()) {
vector<string> metadata;
extractJsonTSIGKeyIds(backend, document["slave_tsig_key_ids"], metadata);
+ if (metadata.size() > 1) {
+ throw ApiException("Only one TSIG secondary key is currently allowed");
+ }
if (!domainInfo.backend->setDomainMetadata(zonename, "AXFR-MASTER-TSIG", metadata)) {
throw HttpInternalServerErrorException("Unable to set new TSIG secondary keys for zone '" + zonename.toString() + "'");
}
projects / thirdparty / pdns.git / commitdiff
